53 matches found
CVE-2004-2684
Technical details about CVE-2004-2684 are not publicly provided in the connected documents. The Initial Description is generic. Monitor for updates from vendors (InterSystems/Red Hat/NVD) for affected products and fixes.
CVE-2003-1333
Unspecified vulnerability in the Cache' Server Page CSP implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server...
CVE-2003-1333
InterSystems Cache CSP in Cache versions 4.0.3–5.0.5 is described as having an unspecified vulnerability that allows remote attackers to gain complete control of the server. The provided documents do not specify the root cause, affected components beyond CSP, exploit details, or remediation guida...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the sample Cache' Server Page CSP scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via 1 the TO parameter to loop.csp, 2 the VALUE parameter to cookie.csp, and 3 the PAGE parameter to showsource.csp i...
CVE-2007-0437
Multiple cross-site scripting XSS vulnerabilities in the sample Cache' Server Page CSP scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via 1 the TO parameter to loop.csp, 2 the VALUE parameter to cookie.csp, and 3 the PAGE parameter to showsource.csp i...
CVE-2007-0437
Multiple cross-site scripting XSS vulnerabilities in the sample Cache' Server Page CSP scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via 1 the TO parameter to loop.csp, 2 the VALUE parameter to cookie.csp, and 3 the PAGE parameter to showsource.csp i...
CVE-2007-0437
CVE-2007-0437 involves multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts of InterSystems Cache. The affected components are CSP samples under csp/samples/: loop.csp (TO parameter), cookie.csp (VALUE), showsource.csp (PAGE); and (4) xmlclasseserror....
CVE-2004-2684
Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including 1 cache.key and 2 cache.dat, related to .csp files under a Dev\studio\templates and b Devuser\studio\templates...
CVE-2004-2683
Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache' 5.0 allows attackers to access arbitrary files on a server...
intersystems2.txt
Here are more details of my research... http://packetstormsecurity.nl/0307-exploits/intersystems.txt These are more details for the above advisory. Vuln1 Local attackers can exploit this to manipulate directories and binaries inside the installation tree. This may be used by a local malicious use...
[UNIX] Intersystems Cache' Database Two Local Root Vulnerabilities
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
InterSystems Cache 4.1.155.0.x - Insecure Default Permissions
InterSystems Cache 4.1.155.0.x - Insecure Default Permissions source: https://www.securityfocus.com/bid/8070/info It has been reported that the permissions set by default on the files and directories comprising InterSystems Cache are insecure. The permissions on directories allegedly allow for an...
InterSystems Cache 4.1.15/5.0.x - Insecure Default Permissions
source: https://www.securityfocus.com/bid/8070/info It has been reported that the permissions set by default on the files and directories comprising InterSystems Cache are insecure. The permissions on directories allegedly allow for any user to overwrite any file. This creates many opportunities...